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10 FIELD OF THE INVENTION 

The present invention relates to content delivery over a large computer network, 
and more particularly to a computer network architecture which integrates management 
components such as a reservation system, a funds flow system, a metering system, and a 
security system for preventing unauthorized use of courseware and other content. 

15 

TECHNICAL BACKGROUND OF THE INVENTION 

More and more paintings, pictures, books, songs, other performances, texts, 
diagrams, recordings, video clips, and courses utilizing them for instructional purposes 
and/or entertainment are becoming available in machine readable forms. In particulair, 

20 many computer-assisted lessons, training materials, and other instructional courses include 
works which can be protected under intellectual property laws, such as visual works, 
audio works, texts, examinations, simulations, and other works. Some sensory works 
experienced while using computers, such as the physical motions performed with a flight 
simulator, may also be protected. Still other computer-aided sensory experiences are 

25 foreseeable but not yet commercially implemented, such as smells that could enhance a fire 
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fighting course or a course on the detection of illegal drugs. These will also benefit from 
protection. 

"Computerized training", "computer-assisted instruction", "computer-aided 
learning", "web-based training", "intranet-based learning", "web courses", "virtual 

5 university", "computerized curriculum delivery system", "courseware delivery system", 
"instructional management system", "interactive educational method", and similar phrases 
are used by various people in various ways, but each of these terms refers to efforts to use 
computers to help educate students. As used here, "students" are not necessarily 
traditional students enrolled in high schools, colleges, universities, and the like, but are 

10 rather people who receive instruction through courseware. Courseware may be used by 
traditional students, but it may also be used by employees of government agencies and 
corporations, for instance. 

To better understand the present invention in the context of existing computer- 
assisted educational efforts, it will helpful to understand certain distinctions, including 

15 without limitation the following: 

• Course authoring vs. course content delivery; , 

• Stand-alone computer-based training vs. networked instruction; 

• Synchronous sharing vs. asynchronous sharing; 

• Commercial systems vs. academic systems; and 

20 • Technical vs. legal means for securing intellectual property. 

• Courseware vs. other content 

Authoring vs. Delivery 

25 Many uses of computers to facilitate education focus on providing authoring tools 

and authoring environments. For instance, tools for authoring include tools for re- 
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formatting text into HTML format and adding hyperlinks; tools for integrating audio 
and/or video content with text content; and tools for creating interactive forms to obtain 
information from students and provide appropriate responses. In short, authoring tools 
help instructors create courseware content. 

5 By contrast, delivery tools help deliver courseware to students. In the case of 

"web-based training", "intranet-based learning", and "web courses", delivery tools 
typically include TCP/IP networks and web browsers. Computer workstations themselves 
may also be viewed as delivery tools, particularly when the courseware is written to be 
used on a stand-alone computer rather than being delivered over a network connection. 

10 Many existing approaches to computer-aided teaching include both authoring and 

delivery components. However, the problems and solutions associated with authoring are 
not necessarily the same as those associated with delivery. The present invention is 
concerned primarily with delivery as opposed to authoring. 

15 Stand-alone vs. Networked Instruction 

Many computer-based training systems do not require a network connection in 
order to function. All necessary courseware content is stored on a computer disk, CD- 
ROM, or other medium which is directly accessible to the computer being used by the 
student, making it unnecessary to send any content over a network connection. The tools 
20 and techniques for managing courseware content in such stand-alone systems are basically 
the same as the tools and techniques for managing application programs, operating 
systems, and other types of software installed on user workstations, namely written 
• licenses, disk copy-protection schemes, license serial numbers, and the like. 
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By contrast, network-based training approaches either take advantage of a 
network connection if one is available, or else they require such a connection. Different 
network-based systems use the network in different ways. Sometimes courseware content 
is stored on a server and delivered over the network to users as needed. In some cases, 
part or all of the content is stored on the local network node but licensing is enforced 
through a server. For instance, the content stored locally might be encrypted, and the 
decryption key might be available only from the server and then only after the user is 
authenticated. Some network-based educational systems allow students to interact with 
one another and/or with the instructor through email or chat rooms. Some systems 
administer tests by having the student send test answers to a server, which grades the test 
and notifies the student of the results. Some systems provide instructors with access over 
the network to a database of administrative information such as student grades and a list 
of the students who have viewed a given lesson. Of course, many systems combine one or 
more of these features and some also use networks in other ways. 

The present invention is concerned with network-based courseware delivery 
systems, as opposed to stand-alone courseware delivery systems. 

Synchronous vs. Asynchronous Sharing 

Networked courseware delivery systems may share content between multiple users 
synchronously or asynchronously. With synchronous sharing, users and/or instructors 
exchange information in a real-time or interactive way. Examples of synchronous sharing 
include telephone conversations, video conferencing, and chat rooms. By contrast, 
■ asynchronous sharing involves an exchange of information in which the participants expect 
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substantial delays, or they involve a one-way flow of information rather than an exchange. 
Examples of asynchronous sharing include downloading a previously created multimedia 
presentation, listserv exchanges, and Usenet postings. Email does not fit neatly in either 
category, because it can be either synchronous or asynchronous in practice. 
5 Some aspects of the present invention are concerned with asynchronous sharing, 

and in particular with asynchronous delivery of previously created courseware content. 
However, other aspects of the invention are concerned with synchronous information 
exchanges, such as funds transfers. 

10 Commercial Systems vs. Academic Systems 

As noted, some courseware students attend traditional institutions of higher 
education. In many cases, those students pay for their use of courseware by paying tuition 
to the institution. If the institution is not the owner of the courseware, the institution then 
makes separate arrangements for payment to the owner. Likewise, students who are 
15 employees of a government agency or corporation generally receive access to courseware 
through their employer without personally making arrangements to pay the courseware 
owner directly. In either case, at the time a student sits down to actually use the course- 
ware it may be necessary to authenticate the student to the system but it is not necessary 
for the student to provide a credit card number or similar payment mechanism. For 
20 convenience, courseware management systems which do not require direct payment from 
students are referred to herein as "academic systems". 

By contrast, in "commercial systems" some provision must be made for funds 
• transfer before a student is given full access to courseware content (although a demo 
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might be available at no charge). For instance, each student may be required to provide a 
credit card number, to pre-pay for access by giving cash or a check to an attendant, or to 
provide individual billing information if credit is being extended. 

The present invention is concerned primarily with commercial courseware delivery 
5 systems as opposed to academic courseware delivery systems. 

Technical vs. Legal Security 

As time passes, personal computers and other computational devices are able to 
record into machine readable form more and more complex presentations or experiences. 
10 For example, personal computers in the 1980's mainly manipulated words, numbers, and 
characters; in the 1990's manipulation of icons, images, audio and video has become 
commonplace. The next step may include widespread use of motion, as in simulators, and 
perhaps smell or other additions. As the complexity of the process needed to place these 
words, images, and other sensory experiences into machine readable form increases, the 
15 value of computer software that presents these experiences increases. This increases in 
turn the value of a security system which enforces courseware license agreements. , 

Intellectual property rights are provided by copyright and other laws to encourage 
creative effort by artists, authors, and other people who create paintings, photographs, 
animations, musical works, instructional texts, and other works. These works can be 
20 stored, presented, and utilized in many ways. With the increasing availability of powerful 
computers, many works that were traditionally available on paper, canvas, or tape are now 
stored in computer hard drives and computer RAM (random access memory), and are 
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displayed on computer monitors such as cathode ray tube screens and liquid crystal 
displays. 

Early computers provided minimal technical security means. On early personal 
computers, for instance, typing "copy *.*" would direct the computer to copy every file or 
5 program in a directory. Further simple keystrokes, such as "copy C:/*.* A:/*.*" would 
direct the computer to place the new copies in a new physical location, perhaps copying 
everything from a disk directory in drive C to a portable disk in drive A. Even today most 
personal computers routinely provide an environment that makes it relatively easy to copy 
electronic information in the form of files. 
10 Of course, technical means are not the only way to protect intellectual property 

rights; legal tools in the form of license agreements are widely used. Perhaps the most 
widespread license agreement is a single workstation agreement. In exchange for a license 
fee or an outright purchase price, a set of disks or a CD-ROM containing digitized works 
and/or executable code is transferred to the purchaser, often with books and/or 
15 instructions on paper. Sometimes the works are transferred over a network such as the 
Internet in digital form. The purchaser is typically informed that the code or information 
may be used an unlimited number of times on a single workstation or other computer. 

This approach worked fairly well in the day of the stand-alone personal computer. 
It does require that the producer of the code or other protectable work place some trust in 
20 the buyer, since the buyer often could copy the code or information onto more than one 
computer. The barriers were mainly legal, not technical. In locations where intellectual 
property was not a well-established and respected concept, widespread copying of 
: information and executable code reduced income and profits to producers of computer 
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based information and applications by diverting income and profits to illicit "factories" 
which reproduced computer disks and CD-ROMs without permission from the rightful 
owner. 

Many technical protection schemes were developed to combat the ability of the 
market to reproduce information without payment to the owner. Some "copy-protection" 
schemes made it difficult to make copies, regardless of the legitimacy (e.g. for 
unauthorized resale versus for proper backup) of the copies. 

Other schemes defined zones of control on a CD-ROM and made a "key" 
necessary to read the zones. For instance, if a CD-ROM had 600 megabytes of 
information on it, a person might buy the legal right to see, view, or use 100 megabytes 
for $50.00. Information would be available in the first 100 megabyte zone regarding the 
contents and cost of information in the second or third 100 megabytes. For an additional 
fee or fees, the viewer could obtain the key to additional segments of the CD-ROM. For 
instance, a second $50 might buy the right to use the second 100 megabytes and a third 
$50 fee might permit the use of the third 100 megabytes. 

A problem with this approach (and with copy-protection schemes) is that once a 
single purchase has been made of all the information, or access to all the information on 
the disk or CD-ROM has been obtained once, the information could be reproduced at will. 
An unauthorized factory could produce thousands of copies to be resold with no benefit to 
the rightful owner of the intellectual property. 

Similar problems exist with the site license approach to protecting intellectual 
property. A licensed site such as a corporation or a government agency obtains the right 
• to use a program or digitized information from the intellectual property owner, and is 
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given a set of disks, CD-ROMs, or file-server-based copies of the licensed work for 
authorized internal use. The intellectual property owner relies upon the corporation or 
agency not to share the information or program outside the bounds of the license. But the 
major tool for enforcing the license agreement was not technical. Instead, it was respect 
5 for the law and the agreement. Unfortunately, some corporations and even some govern- 
ment agencies were staffed, at least in part, by people willing to take home a copy of the 
software or other licensed work and share it or sell it to an illegal copying factory. 

Under a common relationship between works of intellectual property and the 
Internet, users view courseware and other information for free. The information is shared 
10 for free because providing the information helps the work's owner sell a product, or saves 
the owner money by reducing technical support costs, for example. In the research 
community, huge sets of information are regularly exchanged via file transfer protocol or 
other digital means. Similarly, information in courses can be made available on the web, 
and can be viewed via a browser. 
15 The present invention relates to protecting content both by technical means and by 

legal mechanisms. Although some information may be shared for free within a system 
according to the invention, much of the information available through the inventive system 
is provided only in exchange for license fees or the like paid by students or their 
employers. 

20 

Courseware v. Other Content 

Those of skill in the art will recognize that many of the comments above apply not 
: only to courseware, but also to other types of digital content, including without limitation 
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musical recordings, visual images, and the like. Such content may appear as components 
of multimedia courseware, but it may also be distributed independently of courseware 
and/or for purposes other than education. As used herein, "content" includes both 
courseware and other kinds of digital content. 

Additional Considerations 

In addition to the considerations above, certain trends are worth noting. Many 
courses are available on the web, yet in general the more attractive the course is (visually, 
in activity, motion, video, sound, and so on), the more time it takes to refresh the 
computer screen at the user's workstation. To reduce download time, more and more 
bandwidth is requested. Users go from a POTS ("plain old telephone system") line, to an 
ISDN line to a Tl line, with increasing costs at each stage. However, the cost of 
computer storage is dropping rapidly. As most machine readable classes remain less than 
a gigabyte in size, the cost of forward storing a machine-readable class to the personal 
computer owner wishing to take the class is dropping rapidly. 

As the speed of market developments in the computer industry increase, the delay 
and cost of obtaining legal remedies increase, and the technical ease of copying and 
distributing electronic information increases dramatically with the interconnections 
available via the Internet, improved tools for managing courseware are needed. 

As discussed above, a wide range of computer-assisted educational features and 
capabilities have been explored, at least to some extent. However, existing approaches 
have been less successful at combining these features and capabilities into an architecture 
which securely and effectively shares commercial courseware. Accordingly, it would be 
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an advancement in the art to provide an improved computer architecture for sharing 
commercial courseware and other content over a network. 

BRIEF SUMMARY OF THE INVENTION 

5 The present invention provides improved capabilities for managing courseware and 

other content in a shared use operating environment such as a computer network. In 
particular, the invention provides a commercial networked content delivery method and 
system which does not exclude synchronous sharing but is focused on asynchronous 
sharing. 

10 One method of the invention operates in a network containing a registration 

server, a content server connected to the registration server, and several client work- 
stations connected to the content server. After a user registers with the registration server 
and requests access, the content server authenticates the request and serves the content to 
the client workstation for presentation to the user. Content may be moved by the system 

15 between content servers in response to actual or anticipated user requests; users may 
reserve courses for later viewing. If the target content server lacks room to receive the 
incoming content, the system makes a recommendation to the local administrator as to 
which content should be deleted from the content server in order to make additional room. 
Courseware and other content managed by the system may contain one or more 

20 "critical portions" which have been treated to prevent their unauthorized use and thereby 
enhance the protection of intellectual property rights in the content by technical means. 
For example, the treating step may insert disabling code into an executable portion of 
courseware, may encapsulate the critical portion in a database table, may compress the 
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critical portion, and/or may encrypt the critical portion. In addition, the content sen/er 
and/or client workstation may disable use of a critical portion if an expected security 
handshake is not received. Caching and other disk writes at the client may also be 
disabled to prevent a permanent copy of the critical portion from being created at the 
client. To take advantage of low cost telephone connections, part or all of the content 
may be downloaded to the client workstation one or more hours before serving the critical 
portion. 

The system also monitors the connection between content server and client, and 
meters use of the content so that the user pays only for actual use. Pre-existing works can 
be metered without being modified. In some cases, however, a metering security module 
is injected by linking or recompilation into the machine readable form of a work that 
contains legally protectable intellectual property. Adding the metering security module 
alters the system, such as by inserting disabling code, so that the system will not play or 
display the content unless the metering security module is operating. "Playing" a work 
includes displaying it, executing it, digitally manipulating it, or otherwise performing an 
act governed by the license agreement or by relevant intellectual property law. Unless the 
metering security module is engaged and authorizes the use, a monitor will not display 
certain protected words or images or motion images, speakers will not play certain 
protected sounds, motion simulators will not perform certain protected motions, and so 
forth. 

The user receives an invoice for use of the courseware or other content. A local 
administrator can be authorized to adjust invoices in response to user requests. For 
instance, the administrator may determine that the user did not finish viewing the course in 
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question, or accidentally started the wrong course, and then reduce the charges on that 
basis. If the user previously provided a credit card payment authorization to permit 
payment by credit card, a funds flow manager makes appropriate adjustments to the credit 
card charges. 

5 In short, the architecture of the present invention provides improved security, 

efficiency, and convenience for the management of courseware or other content in a 
shared operating environment such as a network or a collection of loosely coupled 
networks. For instance, additional security is provided by separating registration 
information from content, by identifying and treating critical portions, and by monitoring 

10 the connection over which content is supplied to a client. Convenience and efficiency are 
provided by optional early downloading, by reservation capabilities, and by a combination 
of automatic and local administrator control. Additional features and advantages of the 
present invention will become more fully apparent through the following description. 

15 BRIEF DESCRIPTION OF THE DRAWINGS 

To illustrate the manner in which the advantages and features of the invention are 
obtained, a more particular description of the invention will be given with reference to the 
attached drawings. These drawings only illustrate selected aspects of the invention and 
thus do not limit the invention's scope. In the drawings: 
20 Figure 1 is a diagram illustrating a network architecture according to the present 

invention, including a registration server, several content servers, and several clients. 

Figure 2 is a diagram further illustrating a portion of the network architecture of 
Figure 1, including a content server and several clients. 
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Figure 3 is a diagram further illustrating a registration server. 
Figure 4 is a diagram further illustrating a content server. 
Figure 5 is a diagram further illustrating a client of a content server. 
Figure 6 is a flowchart illustrating methods of the present invention, including 
5 steps for providing enhanced security to protect intellectual property rights in critical 
portions of content. 

Figure 7 is a flowchart illustrating methods of operation in the present invention, 
from the point of view of a courseware user. 

10 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

The present invention relates to methods, systems, and configured storage media 
for managing courseware and/or other content in a shared use operating environment. 
Courseware includes digital instructional and/or entertainment content in the form of 
software, digitized sounds, digitized images, digitized motion paths, digitized chemical 
15 compounds, and other works which can be transmitted over a computer network for 
presentation to a user and which contain intellectual property that is protectable by 
copyright, patent, trade secret, trademark, trade dress, moral rights, common law rights, 
contract, and/or other sources of legal authority. Courseware is sometimes referred to 
herein as a "course" or "class" or "work" or "content"; "content" and "work" are used 
20 interchangeably to describe material of which courseware is just one example. Specific 
examples of courseware and other content are given to illustrate aspects of the invention, 
but those of skill in the art will understand that other examples may also fall within the 
• scope of the invention. 
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A shared use operating environment is an environment in which more than one 
person can use content, without necessarily sharing a specific copy of that content, with 
the assistance of a computer network or a collection of coupled networks. As used here, 
"network" includes local area networks, wide area networks, metropolitan area networks, 
and/or various "Internet" networks such as the World Wide Web, a private Internet, a 
secure Internet, a value-added network, a virtual private network, an extranet, or an 
intranet. 

Overview of the Architecture 

Figure 1 illustrates generally an architecture 100 of a shared use operating 
environment according to the present invention. The architecture 100 includes at least 
three levels which are defined according to the functionality and data that are present 
and/or intentionally omitted from each level. Those of skill in the art will appreciate that 
the levels may be being named differently in various embodiments, but for clarity they are 
referred to herein as a registration server level 102, a content server level 104, and a client 
level 106. 

i 

The registration server level 102 includes at least one registration server 108. The 
functionality and data associated with the registration server(s) 108 are described in detail 
below. At this point, it is sufficient to note that each registration server 108 includes a 
remote registration manager and a registration database for new user registration, and that 
each registration server 108 is free of courseware or other deliverable content that is 
managed by the architecture 100. In particular, courseware is not stored on the 
registration server 108. 
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The content server level 104 includes at least one content server 1 10. For clarity 
of illustration, three content servers 1 10 are shown, but an embodiment of the invention 
may include one or more servers 110. Each content server 1 10 is linked by a link 1 12 for 
network communications with a registration server 108. In an embodiment containing a 
5 single registration server 108, such as the embodiment illustrated, each content server 110 
thus has a network connection 1 12 (or may readily obtain such a connection) to that 
registration server 108. In embodiments containing more than one registration server 108, 
different content servers 1 10 may communicate over one or more network links 1 12 with 
one or more of the registration servers 108. Each network link 112 may involve a 
10 dedicated link, a virtual circuit, a tunnel through one or more intervening networks, or one 
or more other types of network communication links known to those of skill in the art. 

Each content server 1 10 contains courseware and/or other works managed by the 
architecture. Like the registration server 108, a content server 1 10 may also contain data 
which is not managed by the architecture and which is thus of no concern here unless it 
15 interferes with operation of the system 100. Each content server 110 serves the managed 
content for presentation to registered users, that is, users who have previously been , 
registered with the registration server 108. At a minimum, registration provides users 
with a unique user name or user ID; it may also coordinate a password or otherwise 
manage access control. With the possible exception of registration for free 
20 demonstrations, which may be available in some embodiments, registration also obtains 
billing or payment information such as the user's credit card information, purchase order, 
and/or sponsor identity. 
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The registration server 108 and the content server(s) 110 may be implemented 
with a combination of computer hardware (e.g., disk or other non-volatile storage, RAM 
or other volatile storage, one or more processors, network interface cards, supporting I/O 
equipment) and computer software (e.g., operating system software, networking software, 
5 web browser software, and inventive software as described herein). In particular, suitable 
software for implementing the invention is readily provided by those of skill in the art 
using the teachings presented here and programming languages and tools such as Java, 
Pascal, C++, C, CGI, Peri, SQL, APIs, SDKs, assembly, firmware, microcode, and/or 
other languages and tools. A given computer may host several content servers 1 10, or it 
10 may host several registration servers 108, but a content server 1 10 and a registration 
server 108 may not reside on the same computer because that would violate the 
requirement that registration servers 108 not contain courseware. 

The client level 106 includes at least one client workstation 1 14, and typically 
includes multiple workstations 114. Each client workstation 1 14 is connectable to a 
15 content server 1 10 by a client-server network communications link 116, such as a local 
area network link. At some point, each client workstation 1 14 is able to present, to at 
least one registered user, courseware and/or other content which is served over the link 
1 16 by the content server 1 10. The content may be conventional content, or it may be 
modified by treating critical portions as described herein, or it may be a combination of 
20 untreated and treated works. Although clients 1 14 are referred to as workstations in 
deference to the expected typical situation, it will become clear that laptops and other 
computers may also serve as clients 1 14. 
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Registration servers 108, content servers 110, and clients 1 14 are further 
illustrated in Figures 3, 4, and 5, respectively. However, before describing those three 
Figures the relationship between content servers 110 and clients 1 14 is discussed with 
reference to Figure 2, and the relationship between registration servers 108 and content 
servers 1 10 shown in Figure 1 is described in greater detail. 

A Network of Content Servers and Clients 

Figure 2 further illustrates one of many possible client-server networks 200 
suitable for use according to the invention. The network 200 includes one content server 
1 10 and four clients 114. Other suitable content-server-client networks 200 may contain 
other combinations of content servers 1 10, clients 1 14, and/or peer-to-peer nodes which 
perform as content servers 1 10 and/or clients 1 14 according to the invention; with 
appropriate software, a given computer may function both as a client 1 14 and as a server 
110. The computers 110, 114 connected in a suitable network 200 may be workstations, 
laptop computers, disconnectable mobile computers, uniprocessor or multi-processor 
machines, mainframes, so-called "network computers" or "lean clients", personal digital 
assistants, or a combination thereof. Nonvolatile storage 202, printers (not shown), and 
other devices may also be connected to the network 200. 

The network 200 may include communications or networking software such as the 
software available from Novell, Microsoft, Artisoft, SCO, and other vendors, and may 
operate using TCP/IP, SPX, IPX, and other protocols over connections 116 that include 
twisted pair, coaxial, or optical fiber cables, telephone lines, satellites, microwave relays, 
modulated AC power lines, and/or other data transmission "wires" known to those of skill 
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in the art. The network 200 may encompass smaller networks and/or be connectable to 
other networks through a gateway or similar mechanism. 

As suggested by Figure 2, at least one of the computers 1 10, 1 14 is capable of 
using a floppy drive, tape drive, optical drive, magneto-optical drive, or other means to 
5 read a storage medium 204. A suitable storage medium 204 includes a magnetic, optical, 
or other computer-readable storage device having a specific physical configuration. 
Suitable storage devices include floppy disks, hard disks, tape, CD-ROMs, PROMs, 
random access memory, and other computer system storage devices. The physical 
configuration represents data and instructions which cause the computer system to operate 
10 in a specific and predefined manner as described herein. Thus, the medium 204 tangibly 
embodies a program, functions, and/or instructions that are executable by computer(s) to 
assist content management generally, and license enforcement in particular, substantially as 
described herein. As used herein, "executable" includes "interpretable"; executable code 
thus includes compiled code as well as codes like Java byte codes or interpreted BASIC 
15 statements. 

i 

A Network of Registration Servers and Content Servers 

As noted, the network 200 involves at least one content server level 104 computer 
and one or more client level 106 computers 1 14. Some of the characteristics of the 
20 network 200 may also apply to networks, such as that shown in the upper two-thirds of 
Figure 1, which involve the registration server level 102 and the content server level 104. 
For instance, the computers 108, 110 may be workstations, uniprocessor or multi- 
. processor servers, mainframes, or a combination thereof such as a cluster. Nonvolatile 
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storage such as a disk array and/or other devices may be connected to the computers 108, 
1 10. The computers 108, 110 may be linked by communications or networking software 
such as the software available from various vendors and may operate using TCP/IP and/or 
other protocols over connections 1 12 that include data transmission "wires", as described 
5 above. The computers 108, 110 may likewise be part of a network which encompasses 
smaller networks and/or is connectable to other networks. Finally, the computers 108, 
1 10 may be capable of using a drive or other means to read a configured storage medium 
204. 

One example of a network 200 suitable for a metered security relationship is a 
10 network holding several thousand machine readable courses. A conventional approach 
charging one fee for unlimited use of each machine readable course by a single personal 
computer 1 14 or a single location (e.g., a corporation or agency) would be prohibitively 
expensive. In an embodiment according to the invention, the secured courseware or other 
content can be shared by various users, and each minute of use is counted and billed to the 
15 user or to the sponsor of the user (e.g., the corporation or agency employing the user). 
Unlimited use is not required, and the license fee is reduced accordingly. 

I 

Registration Server 

Figure 3 further illustrates a registration server 108. The registration server 108 
20 includes at least a portion of a registration manager 300 and of a corresponding user 
registration database 302. Collectively, the manager 300 and the database 302 form a 
registration module which provides at least unique user IDs and user password support. 
The registration module may also obtain and store in the database 302 information such as 
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the identity of a corporate or government sponsor that employs the user, and the user's 
email address for use in notifications of upcoming services or events. 

The proposed user ID and password are checked against existing registration 
information in the database 302 to make certain they are unique throughout the archi- 
5 tecture 100 embodiment. This provides security to users so that charges for services will 
be valid and services cannot be stolen by an unknown or duplicate user and then charged 
to the wrong user ID. Of course, users must still be careful to keep their own password 
information confidential and to choose passwords which are not simply a copy of their 
username or other easily guessed information. User login and authentication tools and 
10 techniques familiar to those of skill in the art may be used. 

Security is enhanced by making all new registrations go through the registration 
server 108. New user registration information is processed on the registration server 108; 
user registrations cannot be created by any content server 110. The updated registration 
database 302 is replicated in a read-only format to content servers 1 10 so they can 
15 recognize registered users, but a new user registration cannot be created directly on a 
content server 1 10. One advantage of this approach to users is that they need not repeat 
registration information each time they log onto a client 1 14. Registration database 302 
replication may be performed using Oracle 8.0 enterprise software or other familiar means. 
As illustrated in Figures 3 and 4, in one embodiment of the architecture 100 a 
20 portion of the registration module resides on each registration server 108 and a portion 
resides on each content server 110. Other embodiments may distribute registration 
module functionality differently between the three levels 102, 104, 106, subject to the 
appended claims. Those of skill in the art will readily implement the registration manager 
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300 based on commercially available tools and languages such as C++ or Java and the 
description given herein. The database 302 may likewise be implemented as an Oracle 
database or in another familiar database format. In one embodiment, Java software in the 
registration manager 300 is used to write new user registration information to an Oracle 
5 database 302. 

The registration server further includes a reservation manager 304 and a 
reservation database 306. Collectively, the manager 304 and the database 306 form a 
reservation module which permits registered users to reserve courseware or other content. 
In combination with the funds flow system described herein, the reservation module allows 
10 a user to book a guaranteed seat, a classroom, or another service, secure in the knowledge 
that it will be held for them until the specified time. In some embodiments, the funds flow 
system will charge users for such guaranteed resource reservations regardless of whether 
the resource is actually used, because the resource was kept unavailable for use by others. 
The reservation module can present a user with a menu or a schedule of courseware 
15 presentation events in various classrooms or other locations. It can also tell the user 
whether a given courseware event or piece of content is available at a given time and 

s 

whether a particular work is already scheduled for use at that time. 

Other embodiments may distribute reservation module functionality differently than 
shown between the three levels 102, 104, 106, subject to the appended claims. In one 
20 embodiment, the reservation module includes commercial off-the-shelf scheduling 
software provided by AC&E Ltd. of Chantiliy, Virginia; in other embodiments, other 
scheduling software may be used. The reservation manager 304 may also be implemented 
using commercially available tools and languages such as C++ or Java and the description 
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given herein. The database 306 may be implemented as an Oracle database or in another 
familiar database format. 

The illustrated registration server 108 also includes at least part of a funds flow 
manager 308 which manages content usage payment information. As illustrated in Figures 
3-5, in one embodiment of the architecture 100 a portion of the funds flow manager 308 
resides on each client workstation 1 14, a portion resides on each content server 1 10, and a 
portion resides on each registration server 108. Other embodiments may distribute funds 
flow management functionality differently between the three levels 102, 104, 106, subject 
to the appended claims. 

The funds flow manager 308 accepts payment information such as a purchase 
order number or a credit card authorization. If payment is to be made by credit card, the 
funds flow manager 308 places a hold with the credit card provider or bank before the 
courseware and/or other content is presented. In connection with sending the user the 
final invoice, the funds flow manager 308 contacts the bank to transfer funds from the 
user's account or the sponsor's account to the service provider's account or the content 
owner's account. 

j 

The funds flow manager 308 makes customer interactions with the system 100 
faster and more effective. For example, upon first using the system 100, the user may 
provide a billing code such as a corporate purchase order number or credit card number. 
Once this information is accepted by the funds flow manager 3 OS, the user may make it the 
default payment option to be applied when logging out after future service purchases. 

The funds flow manager 308 may also provide a custom menu to users. For 
instance, the system 100 may be configured so that only courses approved by a particular 
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entity are displayed if the user identified that entity as its sponsor while signing on. If this 
same user wishes to see other courses, the user may log out and then login again as an 
individual client, after which all courses available for individuals (whether employed by the 
sponsor in question or not) will be displayed as possible selections. 
5 The illustrated registration server 108 also includes at least part of a content 

movement manager 310 which moves courseware and/or other content to content servers 
1 10 in response to actual or anticipated requests from users for access. As illustrated in 
Figures 3 and 4, in one embodiment of the architecture 100 a portion of the content 
movement manager 310 resides on each content server 1 10 and a portion resides on each 
10 registration server 108. Other embodiments may place all content movement management 
functionality at the content server level 104. 

The content movement manager 310 interacts with scheduling software such as the 
reservation module and a launch manager 404 which is discussed below. When a user 
selects courseware and/or other content for use at a given location, the scheduler 
15 determines whether the content is already resident on a content server 1 10 at or near the 
requested location. This determination may be made by reference to a database which 
tracks content locations, or by making an inquiry to the local content server(s) 1 10. 

If the content is not resident at the desired location, the scheduler places a call to 
the content movement manager 310. The content is automatically packaged for shipment 
20 from another content server 1 10 by FTP (file transfer protocol) or other familiar means, 
with appropriate encryption and/or compression. The source content server 110 may be a 
typical content server 1 10 as described above, or it may be a master content server 1 10. 
Each master content server 1 10 serves primarily as a content repository for other content 
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servers 1 10, as opposed to serving primarily as a source of content for directly attached 
clients 114. 

The content movement manager 310 checks with the target content server 1 10 to 
determine whether sufficient disk space is available to receive the incoming content. If 

5 there is not enough space, the content movement manager 310 makes a recommendation 
to a local administrator regarding which content to delete to make room for the incoming 
content. The recommendation may be based on various factors, including storage 
requirements and which courseware at the target server 1 10 was used most recently or is 
scheduled for use. For instance, if a course has not been used for several months and has 

10 not been reserved, the content movement manager 3 10 is more likely to recommend that it 
be deleted than if it was used more recently or has been reserved. In one embodiment, the 
content movement manager 310 cannot delete content; only the local site administrator 
can. 

Some embodiments of the architecture 100 include a backup registration server 
15 108 which contains data mirrored from the primary registration server 108 shown in 
Figure 1. As usual with mirrored systems, the backup server 108 will generally be in a 
different physical location than the primary server 108. Data mirroring tools and 
techniques familiar in the art may be used. 

In addition to the functionality described above, the registration server 108 may 
20 provide advertising and other inducements for Web walkers and potential users of the 
system 100 to become familiar with the system 100, and to register for services provided 
through the system 100. 
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Content Server 

Figure 4 further illustrates a content server 1 10. The content server 1 10 includes 
operating system software and networking software, such as Windows NT operating 
system software, UNIX or Linux operating system software, Ethernet or NetWare 
5 networking software, and/or other software discussed in connection with Figure 2. 

Unlike the registration server 108, the content server 110 contains courseware 
and/or other managed content 400. The content 400 may take a variety of forms, 
including software, video, audio and other types of digital content. The content 400 may 
also be treated according to the present invention by identifying critical portions and 
10 providing enhanced security for those portions. Security for the content 400 as a whole is 
also provided by a security manager 402, which monitors use of the content 400. In the 
illustrated embodiment, a portion of the security manager 402 resides on each client 
workstation 1 14 and a portion resides on each content server 110. In alternative 
embodiments, the security manager 402 may reside entirely on the content server 1 10 or 
15 entirely on the client 1 14. 

As illustrated, a portion of the registration manager 300 resides on the content 
server 110. At the content server level 104, the registration manager 300 only needs to 
recognize registered users and provide them with access to content 400. New users are 
created at the registration server level 102. In one embodiment, the registration manager 
20 300 includes dynamic HTML and/or commercially available Oracle Web Application 
Server software, from Oracle Corporation of Redwood Shores, California. Use of the 
Oracle software may require that a portion of the registration manager 300 also reside on 
each client 1 14 and/or on the registration server 108. 
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Critical portions of the content 400 may reside in database tables managed by the 
security manager 402. For example, executable portions of content or synchronization 
information for coordinating audio and video in content may be stored in a database table. 
Database table names do not necessarily reflect content in the straightforward manner in 
which more typical content file names can reflect file content. Also, database tables may 
be difficult to access directly through the file system; it may be necessary to go through 
the database management software. Accordingly, placing content 400 in database tables 
tends to make it more difficult for unauthorized users to locate and use the content 400. 

In addition, when content 400 is moved between computers (be they clients 114, 
servers 1 10, or a mixture), critical portions of the content 400 may be divided between 
two or more data tables so that theft of any single data table will not provide satisfactory 
service. As a further precaution, in one embodiment the security manager 402 sends one 
or more critical portions of content (possibly in data table format) only to a client 1 14's 
volatile memory rather than sending all critical portions to nonvolatile memory such as a 
client 114 disk. Critical portions sent only to client 1 14 RANI may be scrambled or erased 
when the client 1 14 shuts down or is rebooted, making it even more difficult to make;illicit 
copies of the content 400. 

Each illustrated content server 110 also includes a launch manager 404 for 
launching presentations of courseware 400. The launch manager 404 coordinates initial 
activity such as course 400 selection by the user, any necessary course 400 movement to 
bring the course 400 to the server 1 10 using the content movement manager 3 10, 
initializing security arrangements with the security manager 402, making the network 
connection 1 16 if necessary, and initiating presentation of the course 400 by launching its 
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executable portion or downloading it to the client 114, for instance. In alternative 
embodiments the launch manager 404 functionality is part of a meter manager 406 or part 
of the security manager 402. 

The meter manager 406 meters content usage. In some embodiments, the 
metering manager also monitors the connection 1 16; in other embodiments monitoring is 
performed by the security manager 402. Regardless, the metering manager 406 keeps 
track of elapsed time as a measure of the user' s use of the content. A portion of the meter 
manager 406 resides on each client workstation 114 and a portion resides on each content 
server 110. The two portions of the meter manager 406 create a link which is carried over 
the connection 1 16. That is, the metering link rides on top of an Ethernet or other 
conventional communications link. 

In one embodiment, the meter manager 406 creates a start note (event) when 
courseware is successfully launched. The meter manager 406 will associate this start note 
with a corresponding end note within one minute (or other defined interval) of the time the 
user chooses to finish this course 400 presentation. The difference in time between 
launching the presentation and finishing or interrupting the launched presentation is the 
metered difference, which will serve as the basis for the invoice presented to the user or to 
the user's sponsor. 

The meter manager 406 may track several open notes for a given client 114, since 
clients 1 14 may use operating system software that allows several executables to run at 
the same time. Metering statistics may be administered using an Oracle database 408 or 
other database 408 to provide system-wide statistics and system-wide information reports. 
In one embodiment, meter manager 406 records are constructed in a format that allows 
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their use in conjunction with a rate table, thereby allowing the funds flow manager 308 to 
create an invoice based on both the particular content 400 used and the elapsed time. 

Every rate in the rate table may be associated with a destination account, such as 
the account of a content 400 vendor or the account of a content-providing site 200 
5 manager. The funds flow manager 308 supports automatic payment using familiar and 
industry standard credit card payment methods. The funds flow manager 308 accepts 
electronic billing information from the meter manager 406, and accepts electronically 
stored payment information such as credit card numbers from the registration module. 
The meter manager 406 and/or security manager 402 provide several security 
10 features. First, the client 1 14 desktop is disabled so that the user can only obtain service 
through the metered and monitored connection 1 16. Second, each element of potential 
service such as multimedia content, executables, and courseware tests, is defeated so that 
its executable portion will not run even if it is located by an unauthorized user. The 
executables are modified to require security handshakes from the meter manager 406 
15 and/or security manager 402 so the service 400 will not operate at all, or will operate for 
only a limited period of time, if the metered connection 1 16 or the meter manager 406 and 
security manager 402 are not present. 

In one embodiment, the client 114 desktop will turn off if the meter manager 406 
on the client 1 14 is not in touch with the meter manager 406 on the content server 1 10 on 
20 a minute-by-minute basis. For the convenience of the user and to ease administration of 
the system 100, the meter manager 406 can be adjusted to invoke this "dead man's 
switch" at various time intervals other than one minute. An aggressive approach makes 


the workstation 1 14 freeze if a single minute passes with no contact A more lenient 
approach may freeze functionality within five minutes after the connection is lost. 

In one embodiment, the same polling software element in the meter manager 406 
which triggers the dead man's switch also provides a periodic update to the database 408 
5 that is used by the funds flow manager 308 for billing. Each minute that the polling 

function of the meter manager 406 returns a message from the client 1 14 to the server 110 
indicating that the user ID remains active on the client 1 14, the database 408 is updated to 
reflect an additional minute of use for billing purposes. 

Polling updates each open request, such as each open courseware presentation. 
10 For instance, if in the first minute the user ID requests a login and then makes one open 
service 400 request, an open event is updated for this user ID in the database 408 table for 
the time elapsed. If the same user ID then requests a second courseware 400 presentation, 
each courseware 400 event ID is associated with the login by this user and this client 
desktop 1 14, and two time events occur to update the database 408. Thus, subsequent 
15 courseware or other service offerings which are opened in the client 114 browser 502 can 
be added to the time table in the database 408 using the same polling function. The . 
polling function operates similarly for sequential (as opposed to concurrent) activity. If 
the user ID for a given login closes a courseware presentation 400 or other event ID but 
retains the login, then while the login time continues to update (enabling billing for use of 
20 the personal computer 1 14), the first courseware 400 offering will end and a new 
courseware 400 offering can begin during the same login session. 
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